From 8f027a403de35841476c0a0736bc96c2b3e9023f Mon Sep 17 00:00:00 2001 From: Simon Willison Date: Fri, 3 Sep 2021 15:25:29 -0700 Subject: [PATCH] Notarize configuration, refs #50 --- package-lock.json | 90 +++++++++++++++++++++++++++++++++++++++++++++ package.json | 13 ++++++- scripts/notarize.js | 19 ++++++++++ 3 files changed, 121 insertions(+), 1 deletion(-) create mode 100644 scripts/notarize.js diff --git a/package-lock.json b/package-lock.json index 3c39034..435ed65 100644 --- a/package-lock.json +++ b/package-lock.json @@ -15,6 +15,7 @@ "devDependencies": { "electron": "^13.2.1", "electron-builder": "^22.11.7", + "electron-notarize": "^1.1.1", "mocha": "^9.1.0", "spectron": "^15.0.0" } @@ -2017,6 +2018,55 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/electron-notarize": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/electron-notarize/-/electron-notarize-1.1.1.tgz", + "integrity": "sha512-kufsnqh86CTX89AYNG3NCPoboqnku/+32RxeJ2+7A4Rbm4bbOx0Nc7XTy3/gAlBfpj9xPAxHfhZLOHgfi6cJVw==", + "dev": true, + "dependencies": { + "debug": "^4.1.1", + "fs-extra": "^9.0.1" + }, + "engines": { + "node": ">= 10.0.0" + } + }, + "node_modules/electron-notarize/node_modules/fs-extra": { + "version": "9.1.0", + "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-9.1.0.tgz", + "integrity": "sha512-hcg3ZmepS30/7BSFqRvoo3DOMQu7IjqxO5nCDt+zM9XWjb33Wg7ziNT+Qvqbuc3+gWpzO02JubVyk2G4Zvo1OQ==", + "dev": true, + "dependencies": { + "at-least-node": "^1.0.0", + "graceful-fs": "^4.2.0", + "jsonfile": "^6.0.1", + "universalify": "^2.0.0" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/electron-notarize/node_modules/jsonfile": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz", + "integrity": "sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==", + "dev": true, + "dependencies": { + "universalify": "^2.0.0" + }, + "optionalDependencies": { + "graceful-fs": "^4.1.6" + } + }, + "node_modules/electron-notarize/node_modules/universalify": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.0.tgz", + "integrity": "sha512-hAZsKq7Yy11Zu1DE0OzWjw7nnLZmJZYTDZZyEFHZdUhV8FkH5MCfoU1XMaxXovpyW5nq5scPqq0ZDP9Zyl04oQ==", + "dev": true, + "engines": { + "node": ">= 10.0.0" + } + }, "node_modules/electron-prompt": { "version": "1.6.2", "resolved": "https://registry.npmjs.org/electron-prompt/-/electron-prompt-1.6.2.tgz", @@ -7149,6 +7199,46 @@ } } }, + "electron-notarize": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/electron-notarize/-/electron-notarize-1.1.1.tgz", + "integrity": "sha512-kufsnqh86CTX89AYNG3NCPoboqnku/+32RxeJ2+7A4Rbm4bbOx0Nc7XTy3/gAlBfpj9xPAxHfhZLOHgfi6cJVw==", + "dev": true, + "requires": { + "debug": "^4.1.1", + "fs-extra": "^9.0.1" + }, + "dependencies": { + "fs-extra": { + "version": "9.1.0", + "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-9.1.0.tgz", + "integrity": "sha512-hcg3ZmepS30/7BSFqRvoo3DOMQu7IjqxO5nCDt+zM9XWjb33Wg7ziNT+Qvqbuc3+gWpzO02JubVyk2G4Zvo1OQ==", + "dev": true, + "requires": { + "at-least-node": "^1.0.0", + "graceful-fs": "^4.2.0", + "jsonfile": "^6.0.1", + "universalify": "^2.0.0" + } + }, + "jsonfile": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz", + "integrity": "sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==", + "dev": true, + "requires": { + "graceful-fs": "^4.1.6", + "universalify": "^2.0.0" + } + }, + "universalify": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.0.tgz", + "integrity": "sha512-hAZsKq7Yy11Zu1DE0OzWjw7nnLZmJZYTDZZyEFHZdUhV8FkH5MCfoU1XMaxXovpyW5nq5scPqq0ZDP9Zyl04oQ==", + "dev": true + } + } + }, "electron-prompt": { "version": "1.6.2", "resolved": "https://registry.npmjs.org/electron-prompt/-/electron-prompt-1.6.2.tgz", diff --git a/package.json b/package.json index 9377045..9aa3db1 100644 --- a/package.json +++ b/package.json @@ -13,8 +13,18 @@ "build": { "appId": "io.datasette.app", "mac": { - "category": "public.app-category.developer-tools" + "category": "public.app-category.developer-tools", + "hardenedRuntime" : true, + "gatekeeperAssess": false, + "entitlements": "build/entitlements.mac.plist", + "entitlementsInherit": "build/entitlements.mac.plist", + "binaries": [ + "./dist/mac/Datasette.app/Contents/Resources/python/bin/python3.9", + "./dist/mac/Datasette.app/Contents/Resources/python/lib/python3.9/lib-dynload/xxlimited.cpython-39-darwin.so", + "./dist/mac/Datasette.app/Contents/Resources/python/lib/python3.9/lib-dynload/_testcapi.cpython-39-darwin.so" + ] }, + "afterSign": "scripts/notarize.js", "extraResources": [ { "from": "python", @@ -34,6 +44,7 @@ "devDependencies": { "electron": "^13.2.1", "electron-builder": "^22.11.7", + "electron-notarize": "^1.1.1", "mocha": "^9.1.0", "spectron": "^15.0.0" }, diff --git a/scripts/notarize.js b/scripts/notarize.js new file mode 100644 index 0000000..89a1309 --- /dev/null +++ b/scripts/notarize.js @@ -0,0 +1,19 @@ +/* Based on https://kilianvalkhof.com/2019/electron/notarizing-your-electron-application/ */ + +const { notarize } = require("electron-notarize"); + +exports.default = async function notarizing(context) { + const { electronPlatformName, appOutDir } = context; + if (electronPlatformName !== "darwin") { + return; + } + + const appName = context.packager.appInfo.productFilename; + + return await notarize({ + appBundleId: "io.datasette.app", + appPath: `${appOutDir}/${appName}.app`, + appleId: process.env.APPLEID, + appleIdPassword: process.env.APPLEIDPASS, + }); +};